Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Import Policy Templates

NOTE: From the SSE 6.6.2 release, the Policy Templates that contain Data Identifiers (legacy DLP features) are available to users who have already defined DLP policies using these templates. It will not be available to other users. Skyhigh recommends using classifications to define rules in your DLP policies. For details, see About Classifications.

You can export policies from one tenant and import them to other tenants. As a result, it is easy to meet compliance or security needs without recreating policies. These imported policies can also be deleted if they are no longer needed or outdated.

IMPORTANT: Skyhigh CASB does not support importing or exporting policies or policy templates that include more than 50 rule groups or that exceed 64 KB in size, whichever limit is reached earlier.

Import Policy Templates

To import a template:

  1. Go to Policy > Policy Templates
  2. Select the Table View
  3. Click Actions > Import Template(s).
    Policy Templates Import Template.png
     
  4. Click Choose File and locate the .zip file containing the template or templates you would like to import. Click Import Template(s).
    Policy Template Import Confirm.png

Known Issue: When importing a policy template from one tenant to another tenant, the Responses wizard displays an empty incident status and is unable to save the DLP Policy as it continuously loads. This is due to the Custom Incident Status selected in Tenant 1 not being available in Tenant 2, resulting in an empty incident status.
DLP_1.png

As a workaround, Unassigned is given as a new incident status on the Responses wizard which allows you to save your DLP policies without issue.
Incident_status_selection2.png

Policy Validation Improvements

While importing DLP Policies from one tenant to another, you may find validation errors. The validation error occurs because dictionaries are not synchronized from one tenant to another. If synchronization happens, you don’t see any validation errors.

To overcome these validation errors, the process has been improved for:

  • Collaboration Rule
  • Data Identifier Rule
  • Classifications
  • Bulk Activations with Invalid Classifications
  • Fingerprints

Collaboration Rule

  1. Go to Policy > DLP Policies > DLP Policies.clipboard_e98e402c6331d0e5443eced3c55b59633.png
  2. Select the Policy you have imported and listed as Inactive, to check the Validation errors.clipboard_eea1b9303b2ea7e274470270816f00cab.png
  3. On IF that the Collaboration Rule is using the Dictionary "keycron5" (custom dictionary) and isn't present in this particular tenant. To check if the dictionary is present in the tenant, go to Policy > DLP Policies > Dictionaries.
  4. To validate, go to Rules > Edit and provide a proper custom dictionary.clipboard_e07c05b5f9d1839590415e38f393e2252.png
  5. For example, Select Anyone.
  6. Select Done.
  7. Do the same for AND, for Sharing To as the example below.clipboard_e48b7016c1b0845b58e11a0a4356f78d3.png
  8. Select Done.
  9. The Result is displayed.
    clipboard_ec10a7eb2023d9999418e058ca002da08.png
  10. Select Next.
  11. You will see no more validation errors on the next page.
  12. Select Save.
    clipboard_e11ef33b2950abc2ac122b838628bc05a.png

Now the  Validation errors for the Collaboration Rule are resolved and to Activate Policy, go to Actions > Activate Policy.

Data Identifier Rule

  1. On your DLP Policies list, you see your Data Identifier Rule listed, with Inactive Status and if you select it, you will see the Validation errors.
  2. In this example, you have many places where you can observe those errors.clipboard_ea1dca86c15c695305811dbfecf19eca2.pngclipboard_edf2e70aeae26e81be67e709f23414f16.png
  3. To validate, go to Rules > Edit and provide a proper custom dictionary.
  4. On the right Select Exclude, click Use a predefined dictionary > Dictionary > Select a Dictionary.clipboard_e822cc805ed1f34be67e862253e034243.png
  5. Select Done. The validation error won't show again.
  6. Then go to Keyword Validation, go to Select Data Identifier > Keyword List.clipboard_e1143ba889a1ebdcbedf08feb99ace7d8.png
  7. Select Done.
  8. Do the same for Exclude, go to Select Exclude > Use a predefined dictionary > Select a Dictionary.clipboard_e000e23eb75c30d584b156b2c271737dd.png
  9. Select Done.
  10. Select Next and Save.

Now the  Validation errors for Data Identifier Rule are resolved and to Activate Policy, go to Actions > Activate Policy.

Classifications

  1. On your DLP Policies list you will see your Classification Rule listed, with Inactive Status, and if you select it, you will see the Validation errors.clipboard_e1f348bc0f35a857c1192c7b116fa5243.png
  2. To validate, go to Rules > Edit and provide a proper classification.clipboard_e8b33a40573149e9d5bba0763fc93716e.png
  3. Select Done. The validation error won't show again.
  4. Select Next and Save.

Now the  Validation errors for Missing Classifications are resolved and to Activate Policy, go to Actions > Activate Policy.

Bulk Activation with Invalid Classification

  1. On your DLP Policies list you see many Policies with Missing or wrong Classifications, select them, the Validation errors will be displayed.clipboard_ebdae1201ba41c7523750c84c4979e9ea.png
  2. Check Missing Classifications, the invalid Classification(s) will be displayed.
  3. If you want to check one of the listed Polices, select and go directly to the Edit screen.clipboard_ee59286dfff9d5c51bf8489e3275c40d0.png

Here you can use the same process mentioned for Classification.

  1. Select Done. The validation error won't show again.
  2. Select Next and Save.
    clipboard_e09da58430b69230b668abe86fc29baa6.png

Repeat the process for each Policy you have tried to activate using the Bulk Activation.

NOTE: If you have selected many Policies and one or more are available for activation, Actions > Activate Policy, the policy will be activated.

clipboard_e06e38cd2c34709796d1b07aaeab508df.png

If the selected Policies exceed, a scroll-bar will be displayed. Now the  Validation errors for Bulk Activation are resolved and to Activate Policy, go to Actions > Activate Policy.

Fingerprints

  1. On your DLP Policies list you see your Fingerprint Rule listed, with Inactive Status and if you select it, you will see the Validation errors.clipboard_e4df140b57d0ae51d88e1acebadd0aa4c.png
  2. Select Rules > Edit.
    clipboard_e0d7f9cbd386d140318ef5c6eec9e5d7a.png

Repeat the same process for Fingerprint Data and for all in red, until the error messages disappear.

  1. Select Next.
  2. Select Save. You can always select the policy again and check if any errors are still waiting to validation.

Now the  Validation errors for Fingerprints are resolved and to Activate Policy, go to Actions > Activate Policy.

Delete Policy Templates

To delete imported templates:

NOTE: Deleting an imported template does not delete any DLP policies created from the template. 

  1. In the Policy Templates page, select one or more imported templates. 
  2. Click Actions.
  3. Choose Delete Template(s) to delete the selected templates from the tenant.
    Delete Imported Policy Templates.png
  • Was this article helpful?